hijack list

  1. #1
    dfast88 (Newbie)

    hijack list

    Hey guys,
    Followed the directions from my email last night (run spybot, adware and avg)
    Here is my hijackthis log. Once again, my comp. tends to run slow and slow stop completely for a period of time. Also it seems that the CPU is running constantly at 100% and the fan sounds like a rocket taking off when the comp. really lags.
    Hope you can help
    Dave

    Logfile of HijackThis v1.99.1
    Scan saved at 7:48:30 PM, on 10/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ginger\Desktop\hijackthis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
    O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158469007544
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158468997544
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2164EF55-7511-4295-997F-7212DC434D7A}: NameServer = 68.94.156.1 68.94.157.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2164EF55-7511-4295-997F-7212DC434D7A}: NameServer = 68.94.156.1 68.94.157.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


  2. #2
    dfast88 (Newbie)
    hi all,
    I would really like someone to take a look at my hijackthis log.

    thank you

    Dave

  3. #3
    dfast88 (Newbie)
    Quote Originally Posted by dfast88
    hi all,
    I would really like someone to take a look at my hijackthis log.

    thank you

    Dave
    Just bumping this to hopefully get a reply

  4. #4
    Neal (Dedicated Member)
    Welcome,

    You do not have any Microsoft updates (security).



    Go here to download SP1a

    http://www.microsoft.com/windowsxp/d...1/default.mspx


    Do not get service pack 2 on an infected computer.




    INSTRUCTIONS FOR USING AVG ANTI-SPYWARE in "NORMAL MODE"

    Download and scan with AVG Anti-Spyware
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc

    * Press "OK".
    * Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
    * When you find the guard service, double-click on it.
    * In the Properties Window > General Tab that opens, click the "Stop" button.
    * From the drop-down menu next to "Startup Type", click on "Manual".
    * Now click "Apply", then "OK" and close the Services window.

    9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from HERE.

    Once the updates are installed do the following:
    1. Click on the "Scanner" button and choose the "Settings" tab.

    * Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    * Under "How to Scan?" check all (default).
    * Under "Possibly unwanted software" check all (default).
    * Under "What to Scan?" make sure "Scan every file" is selected (default).
    * Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done and submit the log report in your next response.

    Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.


    New hijackthis log please.

  5. #5
    dfast88 (Newbie)
    Hi Neal,

    Thanks for responding. Was out of town and this was the first chance to do what you suggested.
    Here is the "avg anti-spyware" report. Still trying to run a new hijackthis report. I seem to be having problems with the script. Keep getting a script error:
    Line: 47
    char:1
    Error: Type mismatch: "loadscript"
    Code: 0


    Once again thanks

    --------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:59:34 PM 10/15/2006

    + Scan result:



    :mozilla.119:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.11:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.12:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.13:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.16:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.17:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.183:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.18:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.192:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.19:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.8:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.9:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\jennifer\Cookies\jennifer@msnportal.112.2 o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\john\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.17:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Addynamix : Cleaned.
    :mozilla.71:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.72:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.73:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.74:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.75:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.76:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.11:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.12:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.13:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.14:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.15:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.18:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.20:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.21:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.21:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.22:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.22:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.23:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.23:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.24:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.25:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.16:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.29:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.62:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.151:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.33:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.34:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.35:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.47:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Bridgetrack : Cleaned.
    :mozilla.98:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Burstbeacon : Cleaned.
    :mozilla.94:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.97:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.162:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.163:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.10:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.20:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.31:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.158:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.159:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.55:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.56:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.60:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.61:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.171:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.93:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.115:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.116:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.123:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.124:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.128:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.129:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.27:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.45:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.107:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.108:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.109:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.110:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.104:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.105:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.106:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.25:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.26:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\3lxtg2hl.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.16:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.19:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.100:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.101:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.102:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.103:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.99:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.130:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.27:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.28:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.29:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.30:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.95:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.96:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.63:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.64:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.65:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.66:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.67:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.68:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.69:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.53:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.54:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.84:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.146:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.147:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.52:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.57:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.59:C:\Documents and Settings\jana\Application Data\Mozilla\Firefox\Profiles\3woe7n9n.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.63:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.64:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.65:C:\Documents and Settings\jennifer\Application Data\Netscape\NSB\Profiles\9ihub4ka.default\cookie s.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

  6. #6
    dfast88 (Newbie)
    Neal,

    Here is the hijackthis report

    Logfile of HijackThis v1.99.1
    Scan saved at 8:18:52 PM, on 10/15/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\ginger\Desktop\hijackthis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
    O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158469007544
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158468997544
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2164EF55-7511-4295-997F-7212DC434D7A}: NameServer = 68.94.156.1 68.94.157.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2164EF55-7511-4295-997F-7212DC434D7A}: NameServer = 68.94.156.1 68.94.157.1
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

  7. #7
    Neal is offline Dedicated Member
    Hi,


    Nothing but cookies was found on that AVG scan.



    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner

    Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.

    Uncheck cookies

    Before first use:
    Select Options then Advanced.
    UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.


    Then Reboot (Exit)



    Download Silent Runners.vbs and post the log it creates, please.
    http://www.silentrunners.org/sr_scriptuse.html Click Yes to the supplementary searches.
    Wait until there is an All Done message!! Then open and post the log next to it.
    Your antivirus script protection might interfere or alert; please allow it to run. After a bit, a box will say done.


    Also a new hijackthis log, Thanks.

  8. #8
    dfast88 is offline Newbie
    Neal,

    Here is the "Silent Runners" log as well as the new "hijackthis log" following the use of the CCleaner

    Thanks

    Dave

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
    "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
    "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
    "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
    "monitr32" = "C:\Program Files\Canon\MultiPASS4\monitr32.exe" ["Canon Inc"]
    "MPTBox" = "C:\Program Files\Canon\MultiPASS4\MPTBox.exe" ["Canon Inc"]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
    \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "PCTools Site Guard"
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "PCTools Browser Monitor"
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{4B4604E0-8961-11D4-A0EC-009099164712}" = "My MultiPASS"
    -> {HKLM...CLSID} = "My MultiPASS"
    \InProcServer32\(Default) = "C:\Program Files\Canon\MultiPASS4\DTM4.DLL" ["Canon Inc"]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


    Startup items in "ginger" & "All Users" startup folders:
    --------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
    "ButtonText" = "Spyware Doctor"
    "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
    -> {HKLM...CLSID} = "PCTools Browser Monitor"
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research"


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    Missing lines (compared with English-language version):
    [Strings]: 1 line


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
    MpService, MpService, "C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE" ["Canon Inc"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
    PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools Research Pty Ltd"]
    PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Canon MP Language Monitor\Driver = "MPASSMON.DLL" ["Canon Inc"]
    Canon MultiPASS USB Port\Driver = "mpupmon.dll" [null data]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 518 seconds, including 4 seconds for message boxes)


    Logfile of HijackThis v1.99.1
    Scan saved at 5:29:26 PM, on 10/16/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Documents and Settings\ginger\Desktop\hijackthis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
    O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158469007544
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158468997544
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2164EF55-7511-4295-997F-7212DC434D7A}: NameServer = 68.94.156.1 68.94.157.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2164EF55-7511-4295-997F-7212DC434D7A}: NameServer = 68.94.156.1 68.94.157.1
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

  9. #9
    Neal is offline Dedicated Member
    Well don't see a thing, may be something corrupt somewhere. I will keep looking just in case for a little while.




    Try running this:

    Download http://www.bleepingcomputer.com/files/winpfind.php

    Extract WinPFind.zip to your c:\ folder.
    Please print these instructions as you will be going into safe mode.
    Reboot your computer into Safe Mode by following the following steps:

    Reboot.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode

    Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt


    Also...



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

  10. #10
    dfast88 is offline Newbie
    Neal,

    First off, thanks for helping out. I saw that the other guy is on vacation and you are the only one doing this now. Here is the WinPFind list followed by the Hijackthis uninstall list.

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 10/17/2006 5:44:26 PM
    WinPFind v1.5.0 Folder = C:\winpfind\WinPFind\WinPFind\
    Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2800.1106)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PECompact2 10/4/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 10/4/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 8/18/2001 5:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 8/29/2002 3:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

    Checking %System%\Drivers folder and sub-folders...
    UPX! 10/10/2006 8:44:32 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    FSG! 10/10/2006 8:44:32 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    PEC2 10/10/2006 8:44:32 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
    aspack 10/10/2006 8:44:32 PM 778656 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    10/17/2006 4:49:48 PM S 2048 C:\WINDOWS\bootstat.dat ()
    9/12/2006 7:59:08 PM RH 749 C:\WINDOWS\WindowsShell.Manifest ()
    9/12/2006 7:59:16 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini ()
    9/12/2006 8:00:10 PM HS 67 C:\WINDOWS\Fonts\desktop.ini ()
    9/12/2006 9:16:34 PM H 8628 C:\WINDOWS\Help\netcfg.GID ()
    9/16/2006 9:57:14 PM H 0 C:\WINDOWS\inf\oem1.inf ()
    9/16/2006 9:57:42 PM H 0 C:\WINDOWS\inf\oem2.inf ()
    9/12/2006 7:59:16 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini ()
    9/12/2006 7:59:42 PM RHS 242478 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab ()
    9/12/2006 7:59:42 PM RHS 19959 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab ()
    9/12/2006 7:59:42 PM RHS 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab ()
    10/15/2006 4:17:48 PM RHS 70111 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab ()
    9/12/2006 8:00:54 PM H 237568 C:\WINDOWS\repair\ntuser.dat ()
    9/12/2006 8:34:50 PM H 1024 C:\WINDOWS\repair\SAM.LOG ()
    9/12/2006 8:34:50 PM H 1024 C:\WINDOWS\repair\SECURITY.LOG ()
    9/12/2006 8:34:52 PM H 1024 C:\WINDOWS\repair\SOFTWARE.LOG ()
    9/12/2006 8:34:52 PM H 1024 C:\WINDOWS\repair\SYSTEM.LOG ()
    9/12/2006 7:59:08 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest ()
    9/12/2006 7:59:16 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest ()
    9/12/2006 7:59:08 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest ()
    9/12/2006 7:59:08 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest ()
    9/12/2006 7:59:08 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest ()
    9/12/2006 7:59:16 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest ()
    9/12/2006 7:59:08 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest ()
    8/29/2006 12:59:16 PM S 30933 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem0.CAT ()
    10/17/2006 4:49:40 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    10/17/2006 4:50:08 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    10/17/2006 4:49:50 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    10/17/2006 4:50:58 PM H 131072 C:\WINDOWS\system32\config\software.LOG ()
    10/17/2006 4:49:54 PM H 806912 C:\WINDOWS\system32\config\system.LOG ()
    9/12/2006 12:49:14 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG ()
    9/12/2006 12:49:16 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG ()
    10/10/2006 8:05:30 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    9/12/2006 12:51:08 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini ()
    9/12/2006 8:06:52 PM HS 2570 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt ()
    9/12/2006 8:07:04 PM HS 160 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini ()
    9/12/2006 8:07:02 PM HS 122 C:\WINDOWS\system32\config\systemprofile\Favorites\Desktop.ini ()
    9/12/2006 8:06:36 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini ()
    9/12/2006 8:32:02 PM H 2147506 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IconCache.db ()
    9/16/2006 9:37:22 PM H 262144 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat ()
    9/16/2006 9:37:18 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
    9/12/2006 8:06:50 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini ()
    9/12/2006 7:59:44 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini ()
    9/12/2006 8:06:40 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
    9/12/2006 7:59:44 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
    9/12/2006 7:59:44 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KVUF6DOP\desktop.ini ()
    9/12/2006 7:59:44 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O3CPSZIB\desktop.ini ()
    9/12/2006 7:59:44 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OPMV8BCD\desktop.ini ()
    9/12/2006 7:59:44 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WBYLA78P\desktop.ini ()
    9/12/2006 8:07:02 PM HS 76 C:\WINDOWS\system32\config\systemprofile\My Documents\desktop.ini ()
    9/12/2006 8:07:02 PM HS 181 C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\Desktop.ini ()
    9/12/2006 8:07:02 PM HS 183 C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Desktop.ini ()
    9/12/2006 8:07:02 PM HS 150 C:\WINDOWS\system32\config\systemprofile\Recent\Desktop.ini ()
    9/12/2006 7:59:20 PM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini ()
    9/12/2006 12:51:08 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini ()
    9/12/2006 8:06:56 PM HS 269 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini ()
    9/12/2006 8:06:56 PM HS 542 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini ()
    9/12/2006 8:00:52 PM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini ()
    9/12/2006 8:00:52 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini ()
    9/12/2006 8:00:52 PM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini ()
    10/16/2006 4:57:44 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7c467374-28ad-4606-88ee-49e047ad5a1e ()
    10/16/2006 4:57:44 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    10/17/2006 4:48:22 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/18/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    8/29/2002 3:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    8/29/2002 3:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    8/29/2002 3:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/29/2002 3:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/29/2002 3:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    8/11/2006 9:43:00 PM 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl (NVIDIA Corporation)
    8/11/2006 9:43:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
    8/18/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    8/29/2002 3:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    8/18/2001 5:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)

    Checking for Downloaded Program Files...
    {6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/microsof...?1158469007544
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsof...?1158468997544
    {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - MJLauncherCtrl Class - CodeBase = http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get...nt/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    10/3/2006 7:49:10 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
    9/12/2006 8:00:52 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    9/12/2006 12:51:08 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

    Checking files in %USERPROFILE%\Startup folder...
    9/12/2006 8:00:52 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    9/12/2006 12:51:08 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - C:\WINDOWS\System32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    \{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    \{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx ()

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
    \{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - ButtonText: Spyware Doctor =
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
    \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll ()
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll ()
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll ()
    \\{4B4604E0-8961-11D4-A0EC-009099164712} - My MultiPASS = C:\Program Files\Canon\MultiPASS4\DTM4.DLL (Canon Inc)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
    \\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
    \\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll ()
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe ()
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll ()
    WINDVDPatch - C:\WINDOWS\SYSTEM32\CTHELPER.EXE (Creative Technology Ltd)
    UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
    Jet Detection - C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
    monitr32 - C:\Program Files\Canon\MultiPASS4\monitr32.exe (Canon Inc)
    MPTBox - C:\Program Files\Canon\MultiPASS4\MPTBox.exe (Canon Inc)
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {437A4E6A-B7C1-46BD-8400-2EC74050A525} - (Intel(R) PRO/100 VM Network Connection)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \belarc - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    \ipp - ()
    \msdaipp - ()
    \vnd.ms.radio - C:\WINDOWS\System32\msdxm.ocx ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.8
    AVG Anti-Spyware 7.5
    AVG Free Edition
    Belarc Advisor 7.2
    Canon MultiPASS Suite 4.00
    CCleaner (remove only)
    Crazy Machines
    HijackThis 1.99.1
    J2SE Runtime Environment 5.0 Update 6
    Macromedia Flash Player 8
    Microsoft Office Professional Edition 2003
    Mozilla Firefox (1.5.0.7)
    Netscape Browser (remove only)
    NVIDIA Drivers
    RealPlayer
    Sound Blaster Live! Web 2K/XP
    Spybot - Search & Destroy 1.4
    Spyware Doctor 4.0
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB833407
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    Windows XP Hotfix (SP2) [See Q329048 for more information]
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Windows XP Hotfix (SP2) [See Q329390 for more information]
    Windows XP Hotfix (SP2) [See Q329834 for more information]
    Windows XP Hotfix (SP2) Q329170
    Windows XP Hotfix (SP2) Q329441
    Windows XP Hotfix (SP2) Q810577
    Windows XP Hotfix (SP2) Q810833
    Windows XP Hotfix (SP2) Q815021
    Windows XP Hotfix (SP2) Q817606
    Windows XP Service Pack 1a
